Hacking groups are using legitimate cloud offerings such as Amazon Web Services to facilitate malware creation and password cracking, delegates at RSA 2010 were told.
The Russian Business Network (RBN), one of the most powerful and extensive malware and hacking organisations, has been buying time on Amazon's EC2 platform to build malware and attack passwords, according to Ed Skoudis, founder of security consultancy InGuardians.
"Bad guys can use the cloud to improve operations just as we can. The RBN has been using Amazon for the same kind of benefits as the good guys," he said.
"It gives them enormous password hacking tools, and can be used in massive search engine optimisation poisoning attacks."
The RBN, based in northern Russia, is one of the biggest and most professional hacking groups in the world.
The organisation started in the pornography business, but quickly moved to crime and now offers malware-as-a-service and hosting services, and provides credit card data and false identities.
Other security professionals have confirmed the use of mainstream cloud services by the hacking and malware community.
"We use it to number crunch, and so do they," Paul Simmonds, chief information security officer at AstraZeneca, told V3.co.uk.
"After all, one set of numbers is all the same in the end. Cloud gives them the power they need to break passwords efficiently."
HP ZBook x2 offers 32GB RAM, M.2 SSD with up to 2TB storage and Nvidia Quadro GPU
Laptops should be able to offer true all-day working, and some
CGN has created an "online capability gap" between cyber criminals and law enforcement, says Europol
ISPs use Carrier Grade NAT to share IP addresses amongst multiple users
Attack revealed bugs and potential security flaws that were later exploited in real-world cyber attacks